hijack by www.3721.com

My browser has been taken over by 3721 and has put a chinese keyword
function on my browse,this stops me from english sites.As i don't understand chinese its no use to me,so can someone please help me.I have used there turn of but its still there,even blocked it but it still stays there.

 

I have been into 3721 sites found there email address and sent them 3 emails but they all come back saying can't deliver,have used there feedback but won't go ie comes up error not found.I have on my pc microsoft anti spyware
beta 1,spy blaster,cwshredder,kingsoft anti virus-duba6 andpfw6 and last avg7.So i have tryed all of them blocking 3721 or removing but its still on my pc. The beta 1 tells me thats its threat level:severe,author :Inter China Network Software Co Ltd.The path:c:\windows\downlor\cnshook.dll Versio
1.0.2.3
Technical Details CLSID:{D157330A-9EF3-49F8-9A67-414AC41ADD43}
Prog ID:CnsMinHK.CnsHook.1 Original File Name MD5
c1F1c1654955ab92431balba8728Fe29.
I will run my beta after this and try again but might stop it today but it back next time i open my pc even when you block it and beta tells me its bloked by a pop up screen bottom left.So whats my next step?.

 

Well in the end my let me download HijackThis 1.99,well it took three times but i got there now.I ran this and found problems in02-04-08-09 checked all items to clear but 2 came back and would not clear,eventryed 5 times but would not move. ON one scan the number 8 came back as well. so i did a reboot to see what came back wekk i got the lot back.So must be in the start setup but i blocked that on my spyware today which i ran 3 times and its telling i have a clear system but if i recheck there back and it wont send a copy to microsoft beta 1.So whats my next step? I must say my pc is faster after this clean up.

 

I have Hijackthis 1.99 and run it,found the threads of 3721 removed them all once but they reload them self well 3 do.So did a reboot to see what came up and they reload on auto at startup.The last message are numbers from the program spec and its info.So it looks as i need to go into startup and wipe out 3721 from there.So now i go hunting the keys in startup menu.Sorry about my last message some times my dyslexia comes in.Well i am only (another brick in the wall) .pink floyd

 

restfullone,

You still did not post your log as Chaslang requested. In order to best assist you we need to view the logs we request. Please attach a current HJT log as an attachment to your post and Chas will check it when time permits.

 

I have found this info on CnsMin its a keyword lockup provider that takes over the search features of IE's address bar.Its aimed at providing keywords using chinese characters and is extremely anty social methods make it difficult to uninstall.I have now found the uninstalling info of this program at
www.intermute.com under {C} setion.It seems that i am not the only one to get this problem,so now i can set about removing this from my pc.I would like to thank you all for your support and time.I hope the info i found helps someone remove there software,when they get the same problem

 

Well Honestly all I saw was you talking to you're self (Sorry but it's true)

Should follow the instructions Chas and bj has given you to further insure you are clear from any other nasty things.

 

If you look at my message and read it you would see that i download HijackThis 1.99 in two posts but could not past as my browser has chinese in 90% of my pc.So i found by chance a place that info that was some use to me and might help someone with the same problem. So i wont come back if thats the way you feel.

 

Go ahead and paste the log here and Chaslang will convert it to an attachment for you.

 

I have found some one who reads chinese and have sent a copy of the lod.

 

Good Job! Chaslang will check your log and post you a fix when time permits. Hang in there

 

Well i have removed the three you wanted and then did a re boot.Then went onto Ie to clear but found in the history some 25 lines,all from3721 cleaned them out,then it started to ask to reload 3721 time after time which i blocked with spy bot.I went into start and run under cmd and it came up in chinese,so i now need to get some one to help me with this and yes i can't read chinese at all.So this gives me some problems. I looked on your lead and found that many have this problem with CnsMin and they all say its a sod to remove.So when i find some one to help sort it out i contact you after that.

 

Follow this procedure to remove 3721

3721 is something hated and damned by everyone excluding 3721 itself.

1. Restart the computer, enter safe mode.
2. Run regedit, navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and then remove the key "CnsMin" at right-side panel.
3. Migrate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\InternetExplorer\AdvancedOptions and then delete the entire "!CNS" directory.
4. Migrate to HKEY_LOCAL_MACHINE\SOFTWARE\3721 and HKEY_CURRENT_USER\Software\3721. Remove BOTH directories.
5. Migrate to HKEY_CURRENT_USER\Software\Microsoft\InternetExplorer\Main, and delete the keys starting with CNS such as CNSEnable.
6. Find files that have 3721, CnsMin, cnsio in their names. They are likely the files used by 3721. Delete them.

-- A 3721 hunter from China

 

Re: Follow this procedure to remove 3721

3721 is a rougue company. 3721 can control your computer; if it doesn't allow you to visit a website, you simply won't be able to. Thus many big sites are not brave enough to fight 3721, as it is hidden in over 90% of computers in China. Microsoft even has PARTNERSHIP with it (try http://china.msn.com/). Those MFs!!!

This software can clean up 3721: http://www.noadware.net/noadware.exe

If you can find someone who knows Chinese, this software can do the job better (it specializes in cleaning up 3721):

http://ftp.pconline.com.cn/pub/download/200409/ban3721.rar

 

I now don't have 3721 on my pc,when trying to remove it it crashed the lot and could not get in,so had a clean install.So thanks for your help and hope some one has better luck than me on this problem.